topaLE
/
wireguard-manager-gui
mirror of https://github.com/perara/wg-manager.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Improved documentation

pull/5/head
Per-Arne 5 years ago
parent
a983fb3564
commit
37f997316f
4 changed files with 112 additions and 46 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 82
      README.md
  2. 13
      docs/guides/docker_configuration.md
  3. 61
      docs/guides/import_existing_server.md
  4. 2
      docs/guides/reverse_proxy.md

82
README.md
View File

@ -1,49 +1,45 @@
# wg-manager # wg-manager
The wg-manager provides a easy-to-use graphical interface to setup and manage WireGuard server(s). The wg-manager provides an easy-to-use graphical web interface to import, setup, and manage WireGuard server(s).
The following features is implemented:
* Create/Delete/Modify Server
* Create/Delete/Modify Users
* QRCode export
* Text export
* Start/Stop server
* User bandwidth usage statistics
The interface runs in docker and requires the host to have installed wireguard, either as a dkms module, or by using newer kernels (5.6+) The features of wg-manager includes:
**Server**
* Create/Delete/Modify
* Start/Stop/Restart server
* Import existing
**Peer**
* Create/Delete/Modify
* Bandwidth usage statistics
* Export by QRCode, Text
**General**
* Modify Admin User
# Dependencies # Dependencies
* wireguard-dkms or Linux kernel >= 5.6 * Linux >= 5.6 *(Alternatively: wireguard-dkms)*
* python 3.6+
# Installation (Docker) # Common Installation Steps
1. Enable ip forwarding with `sysctl -w net.ipv4.ip_forward=1` 1. Enable ip forwarding with `sysctl -w net.ipv4.ip_forward=1`
1.1. To make the forwarding persistent add `net.ipv4.ip_forward = 1` to `/etc/sysctl.d/99-sysctl.conf` * To make the forwarding persistent add `net.ipv4.ip_forward = 1` to `/etc/sysctl.d/99-sysctl.conf`
2. It is recommended to have a firewall protecting your services 2. It is recommended to have a firewall protecting your servers
## Docker
```bash
docker run -d \
--cap-add NET_ADMIN \
--name wireguard-manager \
--net host \
-p "51800-51900:51800-51900/udp" \
-v wireguard-manager:/config \
-e PORT="8888" \
-e ADMIN_USERNAME="admin" \
-e ADMIN_PASSWORD="admin" \
perara/wireguard-manager
```
## Docker-compose ## Notes
* A few people has experienced issues with running the dockerized method using bridged networking. To fix this, you can use `network_mode: host`. Note that you can no longer reverse-proxy the web interface from reverse proxies such as [jwilder/nginx-proxy](https://hub.docker.com/r/jwilder/nginx-proxy/).
## Method #1: Docker-compose
```yaml ```yaml
wireguard: wireguard:
container_name: wireguard-manager container_name: wireguard-manager
image: perara/wireguard-manager image: perara/wireguard-manager
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
#network_mode: host # Alternatively
ports: ports:
- 51800:51900/udp - 51800:51900/udp
- 8888:8888 - 8888:8888
volumes: volumes:
- ./ops/wireguard/_data:/config - ./wg-manager:/config
environment: environment:
HOST: 0.0.0.0 HOST: 0.0.0.0
PORT: 8888 PORT: 8888
@ -51,11 +47,20 @@ perara/wireguard-manager
ADMIN_USERNAME: admin ADMIN_USERNAME: admin
WEB_CONCURRENCY: 1 WEB_CONCURRENCY: 1
``` ```
or [plain docker here](./docs/guides/docker_configuration.md)
# Install (OS) # Method #2: Bare Metal
- [Installation on Debian/Ubuntu](./docs/install_debian.md) (TODO) - [Installation on Debian/Ubuntu](./docs/install_debian.md)
- [Installation on Raspberry PI 4](./docs/install_rpi.md) - [Installation on Raspberry PI 4](./docs/install_rpi.md)
### Guides
- [Importing Existing configuration](./docs/guides/import_existing_server.md)
- [Reverse Proxy](./docs/guides/reverse_proxy.md)
# Usage
When docker container/server has started, go to http://localhost:8888
# Environment variables # Environment variables
| Environment | Description | Recommended | | Environment | Description | Recommended |
|------------------|--------------------------------------------------------------------------|-------------| |------------------|--------------------------------------------------------------------------|-------------|
@ -68,21 +73,6 @@ perara/wireguard-manager
| ADMIN_USERNAME | Default admin username on database creation | admin | | ADMIN_USERNAME | Default admin username on database creation | admin |
| ADMIN_PASSWORD | Default admin password on database creation | admin | | ADMIN_PASSWORD | Default admin password on database creation | admin |
# Usage
When docker container is started, go to http://localhost:80
### Importing existing configuration
1. Click the Import configuration button in the right pane
2. Select all relevant server and client files. There is a few cases here:
1. If you only provide a server configuration. Everything will load fine, but you cannot export peer.configurations
2. If you provide both client and server configurations. Everything should work ok
3. Client should have [Interface] and [Peer] defined. Currently only supporting clients with 1 peer section.
# Reverse Proxy
Use jwilder/nginx-proxy or similar.
# Showcase # Showcase
![Illustration](docs/images/0.png) ![Illustration](docs/images/0.png)

13
docs/guides/docker_configuration.md
View File

@ -0,0 +1,13 @@
# Docker Configuration
```bash
docker run -d \
--cap-add NET_ADMIN \
--name wireguard-manager \
--net host \
-p "51800-51900:51800-51900/udp" \
-v wireguard-manager:/config \
-e PORT="8888" \
-e ADMIN_USERNAME="admin" \
-e ADMIN_PASSWORD="admin" \
perara/wireguard-manager
```

61
docs/guides/import_existing_server.md
View File

@ -0,0 +1,61 @@
# Importing existing configuration
It is not unusual to have existing WireGuard configurations in production, and for this reason, we support to import these in full or partial form.
It is possible to:
1. Import server configuration only
* Peer export will not work due to impartial information, such as missing private-key
2. Import peer configuration only,
* Server configuration will only be partial. e.g private-key must be manually entered
3. Import server **and** peer configuration.
* Given compliant configuration (see assumptions), everything should be fully imported.
## Configuration assumptions
There are a few assumptions made for the configuration to be successfully imported.
1. Generally, any file that **does not contain** **Endpoint** key in the Peer sections are servers. The import will fail
if multiple files is without Endpoint
2. All files that **have Endpoint defined** are considered peers of the server
3. All files should be imported at the **same time**
### Server
The format of the server should look similar to this:
```
[Interface]
Address = 10.0.92.1/24
PrivateKey = 0MHXsC4zJrDZA5MpZZKQiS/j5srAvSC9bJx7Igtq1FE=
ListenPort = 56944
PostUp =
PostDown =
[Peer]
PublicKey = XNRPEweV3guSis3YRHDBldizn6xivv+2Tug0G/BM6gE=
AllowedIPs = 10.0.92.2/32
[Peer]
PublicKey = XNRPEweV3guSis3YRHDBldizn6xivv+2Tug0G/BM6gE=
AllowedIPs = 10.0.92.3/32
```
### Peer
```
[Interface]
Address = 10.0.92.2/24
PrivateKey = aN08xqUVOEAoc74e2yzvN/yOtXJgtISru7mjrPFhlUY
DNS="8.8.8.8"
[Peer]
PublicKey = gybMBZBfwsmsXBl8bG2ZobGiG77aGdxOoyQsjTzrKkY=
AllowedIPs = 0.0.0.0/0
Endpoint = my-address.com:5455
<! THIS IS INVALID !> <! THIS WONT WORK !>
[Peer]
PublicKey = gybMBZBfwsmsXBl8bG2ZobGiG77aGdxOoyQsjTzrKkY=
AllowedIPs = 0.0.0.0/0
Endpoint = my-address.com:5455
```
Note that we do **not** support importing peers with multiple peer sections.
## How to
1. Click the **Import Configuration** button in the right pane
2. Select all relevant server and client files and submit.
3. If successfully, the server configuration should now be filled and a indicator on how many peers added is shown at the bottom of the form.

2
docs/guides/reverse_proxy.md
View File

@ -0,0 +1,2 @@
# Reverse Proxy
Use jwilder/nginx-proxy or similar.
Write Preview
Loading…
Cancel
Save